This topic is now archived and is closed to further replies.

Sebkinne

Keylogger

Hey everyone,

As you all know, Digininja and WhistleMaster have been working hard to bring you their Keylogger infusion.

This infusion is now ready and you will find it in your local Pineapple bar.

Seeing as this is a rather complex module, there are bound to be issues with it.

Some of the issues we know about, some we don't. We ask you to report any issues you are having / any bugs you are experiencing. Please do this in an ordered fashion. Read through the entire thread and see if your issue has already been reported. If so and you have more to add, please quote the issue and add your findings to it.

Please do not complain that something doesn't work. We are all working together to make this a great module, but please don't ask for ETAs.

Note that for the module to work you may need to run the 2.7.5 firmware. This is due to kernel dependencies of ebtables.

List of known issues upon release:

  • If the browser sends a GET request that has the full URL, i.e. "GET http://blah.com/file HTTP/1.1" instead of "GET http://blah.com/file HTTP/1.1", some pages will fail to load (wikimedia for example - means no CSS for wikipedia).
  • If an input field already has an onkeypress method attached to it, it will get overwritten - this will probably break the site's functionality. Can be fixed quite quickly but more on that later.
  • The install_keylogger() JavaScript function doesn't always fire if the page takes too long to load.
  • Typing in input forms has a bit of a lag about it. Not much we can do about that.

We are looking forward to your feedback and hope you enjoy this module! We will keep enhancing its performance and reliability and try to iron out any issues found.

Great collaboration on this module :)! Thanks to Digininja for the hard work on the proxy and to Seb for his help to fix the issues!

Thanks to Seb and WM for their help with this. As Seb says, we know there are a few bugs, I know how to fix some of them and just need to find time to do it, but now this is fairly stable we wanted to get it out there and into people's hands so it can be tested and bugs found.

If you want to know how the proxy works then I've put quite a few comments in proxy.rb, k.php and k.js but I'm also planning to do a write up on it.

Enjoy

Well it works. What do you attribute the slow entry to? When I rolled my own solution, I didn't run into this issue.. however it didn't inject into the page nearly as well as this one. Great work guys!

-Shark3y

> Well it works. What do you attribute the slow entry to? When I rolled my own solution, I didn't run into this issue.. however it didn't inject into the page nearly as well as this one. Great work guys!
>
> -Shark3y

The reason for the input lag is because every key pressed is transmitted via a post request. It is being run synchronously. Otherwise the key order could get messed up.

The issue with doing it asynchronously is that we would need to also transmit a time-stamp. This is something that could be incorporated into a future version.

I've a bit of a plan to leave it as it is for now and collect bug reports then do upgrades and bug fixes in a single release.

That is unless a module-stopping bug comes in, then I'll fix it early.

I think I may be doing something wrong because I am not getting any data when I log in to sites. My setup is below:

I have updated the firmware to 2.7.5 and installed the keylogger to my USB.

I have then connected the pineapple to an AP with internet access.

I then turned the keylogger on.

I then went to a few sites to log in (Firefox loads some sites OK, but Internet Explorer is terrible; it will not even load sites such as Facebook).

No data was returned.

If my setup is wrong please tell me, because I've been waiting for this to come out since I heard it was in development.

Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge.

Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file.

We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently?

How does it work? I installed it but it doesn't capture anything. I tried the link above and it gives me the file, but I don't know how it works.

What link above? This is a module that you install on the Pineapple.

> Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge.
>
> Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file.
>
> We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently?

This Link for test it,

So if you can see the javascript file then things are probably installed. You just need to visit a HTTP site (not HTTPS) and then watch the log while typing into an input field or text area.

I seem to be having issues as well. And I'm probably doing something stupid. Is there a site, say doing a search on Slashdot, that we can use as a testing reference so that we're all on the same page (no pun intended)?

What is your network setup? From which interface are you sharing the internet?

Typical setup using a laptop to route traffic through. Laptop wlan0 is furthest upstream, to eth0 then to br-lan on the pineapple and its wlan0.

Everything else is working ok, e.g., sslstrip and urlsnarf. Do I need to have those off for the keylogger to work?

Figured it out: If URLsnarf is running, Keylogger does not work. Any thoughts on why this is and what we can do about it? (Also, my URLsnarf is configured for wlan0 since if it's on br-lan, which it is by default, it conflicts with SSLstrip.)

Two other things:

1) the logs should go into /usb/data/

2) needs the autostart feature

The reason for this is that they both (and sslstrip) redirect all port 80 traffic that is heading over the network bridge to themselves. There can be only one recipient of this traffic so when you start one you kill the other.

I've got a partially implemented solution to this in my proxy but haven't had time to finish it yet so for now you are limited to one or the other.

We didn't realise this, otherwise we could have put up a warning when you try to start multiple apps.

Hi guys, a bit of a noob question: do I need to have my wifi card in monitor mode for keylogger to work?

Nope. Just set up the pineapple with an internet connection, start karma, start keylogger.
